Netgate Discussion Forum

    Trying to make sense of dns forwarding (noob question)

    DHCP and DNS
      Paul47

      I was looking at these two wiki entries:

      DNS Forwarder

      Blocking DNS queries to external resolvers

      Specifically:

      If the DNS forwarder is enabled, the internal interface IP for pfSense will be handed out to DHCP clients for a DNS server. If the DNS forwarder is disabled, your system's currently configured DNS servers will be handed out instead.

      So… the DHCP clients receive either the pfSense LAN address, and pfSense forwards the client DNS requests to its configured servers for them; or the DHCP clients receive the configured servers that they can access directly? Guess I don't see the point, outside of not having to configure public DNS servers in the client machines, but you don't have to do that with DHCP anyway. So there is no point? Or is pfSense caching those DNS requests if the forwarder is turned on? Is caching the point?

      Also, what happens with static addressing? In the 2nd link above, does that dodge work for static addressing too? In other words if your user wants to use an "anything goes" DNS so he can look at porn at work, and you'd rather steer him to OpenDNS, that method will work? Will he have to change his DNS server setting to the pfSense LAN address, to see any internet at all?

        wallabybob

        @Paul47:

        Or is pfSense caching those DNS requests if the forwarder is turned on?

        Yes.

        @Paul47:

        Is caching the point?

        Yes, generally. The DNS forwarder can also be used to apply local host name overrides, for example, point the name of the server of banner ads to a "non-existent" IP address or to a host that will quickly give a NULL reply.

        @Paul47:

        Also, what happens with static addressing? In the 2nd link above, does that dodge work for static addressing too? In other words if your user wants to use an "anything goes" DNS so he can look at porn at work, and you'd rather steer him to OpenDNS, that method will work?

        Automatic if user configures by DHCP and has no local DNS overrides. If user has local DNS overrides (or configured DNS because they have static IP address) they will find they suddenly can't access their name server and will probably have to squeal for help.

        @Paul47:

        Will he have to change his DNS server setting to the pfSense LAN address, to see any internet at all?

        Yes if he wants to resolve hostnames (e.g. wants ping www.google.com to "work"); no if he is content to use IP addresses.

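The outcomes described in the answer above, modelled as an added example that is not part of the original thread or of pfSense itself: a first-match evaluation of LAN rules that pass DNS to the firewall and block DNS to everything else. The rule layout, the LAN address `192.168.1.1`, and the outside addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LAN_ADDRESS = "192.168.1.1"        # assumed pfSense LAN address (constructed)
OUTSIDE_DNS = "198.51.100.53"      # constructed external resolver
OUTSIDE_WEB = "203.0.113.10"       # constructed internet host

@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    dst: str                       # destination network, CIDR
    dport: Optional[int] = None    # None matches any port

# Assumed LAN rule order: allow DNS to the firewall, block all other DNS,
# then the usual allow-everything-else rule.
RULES = (
    Rule("pass", LAN_ADDRESS + "/32", 53),
    Rule("block", "0.0.0.0/0", 53),
    Rule("pass", "0.0.0.0/0"),
)

def evaluate(dst, dport, rules=RULES):
    """First matching rule decides; nothing matching means default deny."""
    for rule in rules:
        if ip_address(dst) in ip_network(rule.dst) and rule.dport in (None, dport):
            return rule.action
    return "block"

def client_outcome(dns_server, rules=RULES):
    """What a LAN client experiences, given the resolver it is configured with."""
    return {
        "name_lookup": evaluate(dns_server, 53, rules),
        "by_ip_address": evaluate(OUTSIDE_WEB, 443, rules),
    }

if __name__ == "__main__":
    print("DHCP client  :", client_outcome(LAN_ADDRESS))
    print("static client:", client_outcome(OUTSIDE_DNS))
    # Failure mode: with the block rule first, even the forwarder is unreachable.
    misordered = (RULES[1], RULES[0], RULES[2])
    print("misordered   :", client_outcome(LAN_ADDRESS, misordered))
```

The misordered case is the one to check after editing rules: if the block rule sits above the pass rule, clients pointed at the pfSense LAN address lose name resolution as well.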
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.